Passwords and User ID Policy
Hillsdale Housing Commission
45 N. West Street ¨ Hillsdale, MI  49242
Phone: (517) 439-1210 ¨ Fax: (517) 439-9577 ¨ E-mail: mail@hillsdalehousing.org

Home
Commission
Staff
Hilltop Apartments
Our Favorite Links
PHA Downloads
Policies
Minutes
Search HHC
Feedback
Image Gallery
Rental Application
RFPs and RFQs

Click here to download the Microsoft Word Version of this Policy

Passwords and User ID Integrity Policy

Overview

An unauthorized individual could post invalid transactions, misuse tenant information, or disrupt service by using an unauthorized user-ID and/or password.  This Policy is designed to enforce password and user ID integrity.

Policies and Procedures

  1. All authorized Commission staff shall be assigned individual user IDs and passwords for internal Commission systems and external HUD and other systems.  The Executive Director shall maintain a list of authorized users and the level of access allowed for each system.
  2. Commission staff shall regularly change passwords to all systems and inform the Executive Director of the change.  The following methods shall be observed regarding passwords:
    1. Passwords shall not be comprised of simple names and/or dates.
    2. Passwords will be comprised of random letters and numbers and shall be at least six (6) characters in length.
    3. Employees shall not use the same password for different accounts, and shall use different passwords each time a password is changed.  Users shall not use the same password more than once.
    4. Passwords shall not be written down, printed out, posted in areas accessible to others, or otherwise made available for others to access.
    5. Users are encouraged to use a password management software package to manage stored passwords.  (See Appendix for a sample list of password management software packages.).

                                                               i.      Password management software packages shall ensure that all passwords are maintained within a master encrypted file. 

                                                             ii.      Users shall not share the master password for any password management software package.  Since federal regulations prohibit sharing HUD and other governmental passwords, the user shall not divulge the password to the Executive Director, Hillsdale Housing Commission, or any other individual or agency.

                                                            iii.      The Executive Director shall be immediately notified of any change of user names or passwords for any system which locks the user out of the system previously granted access.

  1. All Commission staff shall be made aware of the risk of termination for sharing user IDs or passwords.  Such risk shall include, but not be limited to, disciplinary measures, termination or restriction of user access to accounts, termination of employment, civil and criminal charges. 
  2. Terminated users User IDs and Passwords shall be immediately removed from all systems.  The Executive Director shall be responsible for ensuring that terminated user IDs and passwords are removed from systems in a timely manner.

Appendix – Password Management Software Packages

The following is a list of password management software packages that are representative of the password management needs of the Hillsdale Housing Commission.  This list is not meant to be inclusive; it is provided as a guide to help the Policy administrator locate and evaluate software packages which may suit the Commission’s needs.  Products are listed below in no order of preference.

Name

Vendor

Description

URL

Password Pro 32

ZDNet

Freeware – blowfish encryption, random password generation.

www.zdnet.com/downloads

ABI- Key/Password Manager

ABI Software Development

Shareware – From the developer:  ABI- Key/Password Manager is designed to keep track and manage your passwords and keys while protecting them from unauthorized access. It secures your keys and passwords by using a 448 bit Blowfish encryption algorithm, also used in our encryption software ABI- CODER and ABI- SecurePro.

www.abisoft.net

Password Agent Lite

Moon Software

Freeware – From the developer:  Password Agent is a password manager program that allows you to store all your passwords, secret notes and data snippets in a single, easy to navigate, and secure database. Too many passwords to remember? Pieces of paper that you once used to write down your important account information are lost? Want to find required password quickly? Password Agent keeps track all of your different passwords - no problems, no worries. And, it keeps strangers away from accessing your private information.

www.moonsoftware.com/

 

 

 

 

Signature

 

Date

 

 

 

Executive Director

 

Date

 

Approved by the Hillsdale Housing Commission on 07/02/2003 , Resolution #HHC 2004-06